Resequencing ACEs in an ACL; Creating Named Standard and Extended ACLs - Cisco Catalyst 2975 Software Configuration Manual

IOS release 12.2(55)SE

Chapter 31
Configuring Network Security with ACLs
After creating a numbered extended ACL, you can apply it to terminal lines (see the
"Applying an IPv4 ACL to a Terminal Line" section on page 31-17) or to interfaces (see the
"Applying an IPv4 ACL to an Interface" section on page 31-18).

Resequencing ACEs in an ACL

Sequence numbers for the entries in an access list are automatically generated when you create a new
ACL. You can use the ip access-list resequence global configuration command to edit the sequence
numbers in an ACL and change the order in which ACEs are applied. For example, if you add a new ACE
to an ACL, it is placed at the bottom of the list. By changing the sequence number, you can move the
ACE to a different position in the ACL.
For information about the ip access-list resequence command:
http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fsaclseq.html#wp1027188

Creating Named Standard and Extended ACLs

You can identify IPv4 ACLs with an alphanumeric string (a name) rather than a number. You can use
named ACLs to configure more IPv4 access lists in a router than if you were to use numbered access
lists. If you identify your access list with a name rather than a number, the mode and command syntax
are slightly different. However, not all commands that use IP access lists accept a named access list.
Note: The name you give to a standard or extended ACL can also be a number in the supported range of
access list numbers. That is, the name of a standard IP ACL can be 1 to 99; the name of an extended IP ACL
can be 100 to 199. The advantage of using named ACLs instead of numbered lists is that you can delete
individual entries from a named list.
Consider these guidelines and limitations before configuring named ACLs:

- Not all commands that accept a numbered ACL accept a named ACL. ACLs for packet filters and
  route filters on interfaces can use a name.
- A standard ACL and an extended ACL cannot have the same name.
- Numbered ACLs are also available, as described in the "Creating Standard and Extended IPv4
  ACLs" section on page 31-6.

Beginning in privileged EXEC mode, follow these steps to create a standard ACL using names:

Step 1
Command: configure terminal
Purpose: Enter global configuration mode.

Step 2
Command: ip access-list standard name
Purpose: Define a standard IPv4 access list using a name, and enter access-list configuration mode.
The name can be a number from 1 to 99.

Step 3
Command: deny {source [source-wildcard] | host source | any}
or
permit {source [source-wildcard] | host source | any}
Purpose: In access-list configuration mode, specify one or more conditions denied or permitted to
decide if the packet is forwarded or dropped.
host source: A source and source wildcard of source 0.0.0.0.
any: A source and source wildcard of 0.0.0.0 255.255.255.255.

Step 4
Command: end
Purpose: Return to privileged EXEC mode.
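
The effect of ACE order described in this section, as an added example that is not part of the Cisco guide: a Python model of a named standard ACL that parses the Step 3 source syntax, flags ACEs that an earlier ACE fully covers, and shows how giving the new ACE a lower sequence number changes the decision. It assumes first-match evaluation in sequence-number order with an implicit deny at the end; the addresses, the function names and the 10/10 renumbering values are constructed for the example.

```python
import ipaddress
MASK = 0xFFFFFFFF

def parse_ace(text):
    """Parse 'permit|deny {source [source-wildcard] | host source | any}'."""
    action, *rest = text.split()
    if action not in ("permit", "deny") or not 1 <= len(rest) <= 2:
        raise ValueError(f"unsupported ACE: {text!r}")
    if rest == ["any"]:
        src, wild = "0.0.0.0", "255.255.255.255"
    elif rest[0] == "host" and len(rest) == 2:
        src, wild = rest[1], "0.0.0.0"
    else:  # assumption: an omitted wildcard means 0.0.0.0 (one host)
        src, wild = rest[0], rest[1] if len(rest) == 2 else "0.0.0.0"
    return action, int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(wild))

def covers(earlier, later):
    """True if every source `later` matches is already matched by `earlier`."""
    care = ~earlier[2] & MASK  # bits the earlier ACE actually compares
    return (later[2] & care) == 0 and ((earlier[1] ^ later[1]) & care) == 0

def shadowed(acl):
    """Return (seq, shadowing_seq) for each ACE that can never be first match."""
    aces = [(seq, parse_ace(text)) for seq, text in sorted(acl)]
    hits = []
    for i, (seq, ace) in enumerate(aces):
        blocker = next((p for p, prev in aces[:i] if covers(prev, ace)), None)
        if blocker is not None:
            hits.append((seq, blocker))
    return hits

def decide(acl, ip):
    """First matching ACE in sequence order wins; otherwise implicit deny."""
    addr = int(ipaddress.IPv4Address(ip))
    for _, text in sorted(acl):
        action, src, wild = parse_ace(text)
        if ((addr ^ src) & ~wild & MASK) == 0:
            return action
    return "deny"

def resequence(acl, start=10, step=10):
    """Renumber ACEs in their current order (start/step are assumed values)."""
    return [(start + i * step, text) for i, (_, text) in enumerate(sorted(acl))]

# Constructed sample: the deny was added last, so it sits at the bottom.
APPENDED = [(10, "permit 192.0.2.0 0.0.0.255"),
            (20, "permit host 198.51.100.7"), (30, "deny host 192.0.2.50")]
# Same ACEs with the deny given a lower sequence number, then renumbered.
MOVED = resequence([(5, "deny host 192.0.2.50")] + APPENDED[:2])
```

Running shadowed() over an ACL before it is applied shows which entries are dead because of their position, which is the case resequencing is meant to correct.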

Catalyst 2975 Switch Software Configuration Guide (OL-19720-02), Configuring IPv4 ACLs, page 31-13
